package com.zxw.springtest.login.controller;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.octo.captcha.module.servlet.image.SimpleImageCaptchaServlet;
import com.zxw.springtest.login.service.LoginService;

/**
 * 类描述		登陆密码及验证码校验
 * @author zhengxw
 * @since 2017年1月4日
 */
//@Service
public class LoginShiroFilter extends FormAuthenticationFilter{
	@Autowired
	private LoginService loginService;
	
    /**
     * 字段描述	验证码，默认为空
     * @author zhengxw
     * @since 2017年1月4日	
     */
    private String codeValueParam	= "";
	public String getCodeValueParam() {
		return codeValueParam;
	}
	public void setCodeValueParam(String codeValueParam) {
		this.codeValueParam = codeValueParam;
	}
	
	/**
	 * 默认存在用户名、密码、记住我的获取方式
	 * 需要添加不存在的获取验证码的方法
	 */	
	protected String getCodeValue(ServletRequest request){
		return WebUtils.getCleanParam(request, codeValueParam);
	}
	
	/**
	 * 方法描述 	Processes requests where the subject was denied access as determined by the isAccessAllowed method.
	 * @author zhengxw
	 * @since 2017年2月13日
	 * @param request
	 * @param response
	 * @return
	 * @throws Exception
	 * @see org.apache.shiro.web.filter.authc.FormAuthenticationFilter#onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
	 */
//	@Override
//	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//		HttpServletRequest req = (HttpServletRequest)request;
//		//取出验证码
//		String codeValue	= getCodeValue(request);
//		boolean checkRs = SimpleImageCaptchaServlet.validateResponse
//    			((HttpServletRequest)request, codeValue);
//        if(!checkRs){//验证码正确     	
//        	// 如果校验失败，将验证码错误失败信息，通过shiroLoginFailure设置到request中  
//            req.setAttribute("shiroLoginFailure", "randomCodeError");  
//            // 拒绝访问，不再校验账号和密码  
//            return true;  
//        }
//		
//		return super.onAccessDenied(request, response);
//	}
    
    @Override
    protected AuthenticationToken createToken
    	(ServletRequest request, ServletResponse response) {
    	String userName 	= getUsername(request);
    	String passWord 	= getPassword(request);
    	boolean isRemember 	= isRememberMe(request);
    	
    	
//    	Boolean isLogin = loginService.login(userName,passWord);
//    	if(isLogin){
    		UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    	    token.setRememberMe(isRemember);
    	    Subject currentUser = SecurityUtils.getSubject();
    	    currentUser.login(token);
    	System.out.println("createToken");
    	return super.createToken(userName, passWord, request, response);
    }
}
